Configuring Azure Application Gateway
This document provides a comprehensive guide to configuring your Azure Application Gateway. We'll cover essential components like listeners, rules, backend pools, health probes, and security settings.
Key Configuration Components
1. Listeners
Listeners are essential for receiving incoming traffic. You can configure listeners for different protocols (HTTP/HTTPS), ports, and hostnames.
- Frontend IP Configuration: Public or private IP addresses that your Application Gateway uses.
- Protocol: HTTP or HTTPS.
- Port: The port on which the listener accepts traffic (e.g., 80 for HTTP, 443 for HTTPS).
- Hostnames: Specify hostnames to enable host-based routing.
- SSL Certificate: For HTTPS listeners, you'll need to upload or reference an SSL certificate.
For more details, refer to the Listeners Configuration page.
2. Request Routing Rules
Routing rules define how incoming requests are directed to backend resources. They associate a listener with a backend pool and a health probe.
- Listener: Select the listener to which this rule applies.
- Backend Target: Choose between a Backend Pool or a Backend Service.
- HTTP Settings: Configure settings like backend port, protocol (HTTP/HTTPS), cookie-based affinity, and connection draining.
- Path-based routing: Define rules based on URL paths.
Learn more about Request Routing Rules.
3. Backend Pools
A backend pool is a collection of virtual machines, virtual machine scale sets, or Azure App Services that Application Gateway routes traffic to.
- Target Type: IP address or FQDN.
- Add backend targets: Specify individual IPs, FQDNs, or select from existing Azure resources.
See Backend Pool Configuration for setup instructions.
4. Health Probes
Health probes are used to monitor the health of backend servers. Application Gateway uses this information to send traffic only to healthy instances.
- Protocol: HTTP or HTTPS.
- Host: The host header value to send in the probe request.
- Path: The URI path to send probe requests to.
- Interval, Timeout, Retries: Configure probe parameters.
Explore Health Probe Settings.
5. HTTP Settings
These settings dictate how Application Gateway communicates with the backend servers after receiving a request.
- Backend Protocol: HTTP or HTTPS.
- Backend Port: The port on the backend server (e.g., 80, 443).
- Cookie-based affinity: Enables sticky sessions.
- Connection draining: Allows gracefully removing instances from service.
- Override hostname: Option to override the host header.
- Use well-known CA certificate: For HTTPS backend communication.
- Use specific certificate: For custom CA certificates.
6. SSL Certificates
For HTTPS configurations, secure your Application Gateway with SSL/TLS certificates.
- Upload a certificate: From a .pfx file.
- Refer to a certificate stored in Key Vault: For managed certificate storage.
For detailed guidance, see SSL Offloading.
Example Configuration Snippet (JSON)
Below is a simplified example of an Application Gateway configuration resource in JSON format:
{
  "type": "Microsoft.Network/applicationGateways",
  "apiVersion": "2020-11-01",
  "name": "myApplicationGateway",
  "location": "West US",
  "properties": {
    "sku": {
      "name": "Standard_v2",
      "tier": "Standard_v2"
    },
    "gatewayIPConfigurations": [
      {
        "name": "appGatewayIpConfig",
        "properties": {
          "subnet": {
            "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/virtualNetworks/.../subnets/..."
          }
        }
      }
    ],
    "frontendIPConfigurations": [
      {
        "name": "publicFrontendIPConfig",
        "properties": {
          "publicIPAddress": {
            "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/publicIPAddresses/..."
          }
        }
      }
    ],
    "frontendPorts": [
      {
        "name": "frontendPort443",
        "properties": {
          "port": 443
        }
      }
    ],
    "backendAddressPools": [
      {
        "name": "appBackendPool",
        "properties": {
          "backendAddresses": [
            {
              "ipAddress": "10.0.0.4"
            },
            {
              "ipAddress": "10.0.0.5"
            }
          ]
        }
      }
    ],
    "httpListeners": [
      {
        "name": "httpsListener",
        "properties": {
          "frontendPort": {
            "id": ".../frontendPorts/frontendPort443"
          },
          "frontendIPConfiguration": {
            "id": ".../frontendIPConfigurations/publicFrontendIPConfig"
          },
          "protocol": "Https",
          "sslCertificate": {
            "id": ".../sslCertificates/mySslCert"
          }
        }
      }
    ],
    "requestRoutingRules": [
      {
        "name": "rule1",
        "properties": {
          "httpListener": {
            "id": ".../httpListeners/httpsListener"
          },
          "backendAddressPool": {
            "id": ".../backendAddressPools/appBackendPool"
          },
          "backendHttpSettings": {
            "id": ".../backendHttpSettingsCollection/httpSettings1"
          }
        }
      }
    ],
    "backendHttpSettingsCollection": [
      {
        "name": "httpSettings1",
        "properties": {
          "protocol": "Http",
          "port": 80
        }
      }
    ]
    // ... other configurations like SSL certificates, WAF policies, etc.
  }
}
This JSON snippet illustrates the basic structure. For complete details and advanced configurations, consult the Azure Resource Manager (ARM) template documentation.
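As an added example (not part of the original page or of Azure's own tooling), the following Python check reads an Application Gateway resource shaped like the one above and flags the settings a security review would look at: a non-WAF SKU tier, plain-HTTP listeners, cleartext backend HTTP settings, and certificates embedded inline rather than referenced from Key Vault. The sample resource, the function name audit_gateway and the finding labels are constructed for illustration.

```python
import json

# Constructed sample modelled on the page's snippet (names and values are illustrative).
SAMPLE = json.loads("""
{
  "name": "myApplicationGateway",
  "properties": {
    "sku": {"name": "Standard_v2", "tier": "Standard_v2"},
    "sslCertificates": [
      {"name": "mySslCert", "properties": {"data": "<base64-pfx>", "password": "<placeholder>"}}
    ],
    "httpListeners": [
      {"name": "httpsListener", "properties": {"protocol": "Https"}},
      {"name": "httpListener", "properties": {"protocol": "Http"}}
    ],
    "backendHttpSettingsCollection": [
      {"name": "httpSettings1", "properties": {"protocol": "Http", "port": 80}}
    ]
  }
}
""")


def audit_gateway(resource):
    """Return (check, item_name) findings for one applicationGateways resource."""
    props = resource.get("properties", {})
    findings = []
    # WAF is only available on the WAF and WAF_v2 tiers.
    tier = props.get("sku", {}).get("tier", "")
    if not tier.upper().startswith("WAF"):
        findings.append(("no-waf-tier", tier or "<unset>"))
    # Plain-HTTP listeners accept unencrypted client traffic.
    for lst in props.get("httpListeners", []):
        if lst.get("properties", {}).get("protocol", "").lower() != "https":
            findings.append(("http-listener", lst.get("name")))
    # Backend protocol Http: TLS ends at the gateway, the hop to the pool is cleartext.
    for hs in props.get("backendHttpSettingsCollection", []):
        if hs.get("properties", {}).get("protocol", "").lower() != "https":
            findings.append(("cleartext-backend", hs.get("name")))
    # Inline PFX data puts key material in the template; a Key Vault reference does not.
    for cert in props.get("sslCertificates", []):
        if not cert.get("properties", {}).get("keyVaultSecretId"):
            findings.append(("inline-certificate", cert.get("name")))
    return findings


if __name__ == "__main__":
    for check, name in audit_gateway(SAMPLE):
        print(f"{check}: {name}")
```

A cleartext backend hop is a deliberate choice when SSL offloading is used, so treat that finding as a prompt to confirm the backend subnet is trusted rather than as an automatic failure.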
Next Steps
Explore the following topics to deepen your understanding: